opensearch-devops icon indicating copy to clipboard operation
opensearch-devops copied to clipboard

Published 20 hours ago verified publisher icon opensearch-project

How to take s3 backup from OpenSearch to mini-io with https protocol in kubernates cluster.

Open ganilmca opened this issue 1 year ago • 5 comments

Is your feature request related to a problem? Please describe

Hi Team,

We were unable to take s3 backup from opensearch to min-io with https protocol.

We added the below 2 lines in values.yaml file. s3.client.default.endpoint: endpoint:30000 s3.client.default.protocol: https

We are using the below command to register the repo curl -k -XPUT -u admin:admin "https://opensearch-cluster-master-0:9200/_snapshot/s3_repo?pretty" -H 'Content-Type: application/json' -d' { "type": "s3", "settings": { "bucket": "bucket1", "base_path": "s3_repo", "path_style_access": true, "compress": true, "chunk_size": "500mb", "buffer_size": "50mb", "region": "default"

} }'

Abel to register the repo here.

But when i want to take backup by using the below command. curl -k -XPUT -u admin:admin 'https://opensearch-cluster-master-0:9200/_snapshot/s3_repo/snapshot1?wait_for_completion=true&pretty' -H 'Content-Type: application/json' -d' { "indices": "test*", "ignore_unavailable": true, "include_global_state": true, "region": "default" }'

We are getting the below error: "type" : "sdk_client_exception", "reason" : "sdk_client_exception: Request attempt 3 failure: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

"reason" : "sdk_client_exception: Request attempt 3 failure: Unable to execute HTTP request: The target server failed to respond"

Can anyone please help to get it work, and also how to add min-io cetificate to opensearch, how to add proxy.host and proxy.port in helm charts.

Thanks & Regards, Anil.

Describe the solution you'd like

We want procedure like how to add cert file in helm charts and how to add proxy in helm charts and other parameter need to add from our side.

Related component

Plugins

Describe alternatives you've considered

No response

Additional context

No response

ganilmca avatar May 16 '24 11:05 ganilmca

Hi @ganilmca , Thank you opening the issue. Were you able to go through this forum post about the same issue: https://forum.opensearch.org/t/use-minio-as-snapshot-repository-failed-if-use-https/2749/2

gaiksaya avatar May 21 '24 19:05 gaiksaya

hi @gaiksaya,

We have gone through the above link, unfortunately that was not working for me even i have followed the same steps. will get the below error every time.

"reason" : "sdk_client_exception: Request attempt 3 failure: Unable to execute HTTP request: The target server failed to respond"

Please tell us how to pass the minio client certs from opensearch config side.

It will help us if you send me those details.

Thanks, Anil

ganilmca avatar May 27 '24 05:05 ganilmca

I encountered similar issue with respect to configuring MinIO to store snapshots.

Is there a way we can pass certs in opensearch. Can someone advise please?

arshashi avatar Jan 03 '25 04:01 arshashi

Hi Team,

Is this possible or not please suggest us, because we are waiting for your response. Please send us with step by step procedure to take s3 minio backup from opensearch kubernates cluster.

Thanks, Anil

ganilmca avatar Mar 17 '25 12:03 ganilmca

With the below configuration set on opensearch.yaml, I was able to take s3 backups on minio

  1. Create secret with access ID and secret
  2. Configure below in opensearch.yaml

general: keystore: - secret: name: cloud-bkp-credential-minio additionalConfig: s3.client.default.endpoint: https://endpoint:9000 s3.client.default.region: us-west-2 s3.client.default.protocol: https

arshashi avatar Mar 17 '25 13:03 arshashi